Returnil: after rebooting, where does everything go?

Discussion in 'sandboxing & virtualization' started by Boost, May 17, 2008.

Thread Status:
Not open for further replies.
  1. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Just curious where the malware goes,where do the installed programs,etc disappear to,when your done rebooting the computer :shifty:
     
  2. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    It has a module on it that sucks it all up and sends it to a black hole deep in the Alpha Centari system. :D

    Seriously though where basically your system is running in ram and nothing is being written to disc, when you reboot all is lost. I am not sure about when you are using the disc cache method on the premium version.
     
  3. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    I imagine it is deleted and tagged as rewritable.

    It would be nice to know that it is also overwritten or zeroed out.

    Does any body know for sure? (perhaps it is proprietary info).
     
  4. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Coldmoon will be along to give an answer I am sure.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I am Not Realy sure,I really dont understand the to technical stuff.The way I see it as it takes a snap shot image then isolates your partion from running the native windows.If you install something It is technically writen to the the drive.Then upon reboot everything Is lost as If a restore to a previous snapshot image of the native windows it isolated.Is It not In a sense like windows restore to go back to a earlier image.
     
  6. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    it may clone the $MFT to memory and save the change to the $MFT in memory. when restart, all the data in the RAM will be lost.
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Threedog said:
    That might have to wait for RVS v1000.0 :D

    cortez asked:
    djohn replied:
    Hi cortez and djohn,
    RVS takes control of the disk while making Windows believe that it is in control so there is no need for snap shots. RVS clones what is needed on the fly; this in combination with the same disk control gives RVS unique capabilities.

    This said, it is true that some remnants of the cloned changes remain on the HDD after reboot but these remnants are only discoverable using forensic techniques (cannot be casually discovered).

    We will be re-introducing an older feature that was pulled from testing in the 1.7x series due to instability and need for further development. This is included as a new Advanced Settings option that will wipe the disk cache.

    Mike
     
  8. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Thanks for the info!
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    So Boost, how are you liking it.;)
     
  10. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    Great news, I am enjoying the global protection of Returnil; this is a definite positive attribute in my view.

    With the upcoming SELF WIPING CAPABILITIES, It will fortify an already strong anti malware application. It will no doubt be in the armory of many user's computer protection strategies. :cool:

    I am already quite pleased with Returnil except for the need to reboot to turn the protection on ( I do not have it automatically turned on upon boot up).

    With "Norton's Security Suite" on this particular partition, it takes many minutes to reboot; (as I am now a senior citizen, sometimes I get the desire for things to get done very quickly every now and then).

    Perhaps this is unreasonable given the protection archived with a simple re-boot. Over all Returnil Premium is worth its price--no doubt about it.
     
  11. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Cortez,
    What you are looking for is the Session Lock (right click the tray icon and select "Enable") which turns protection on without a reboot but will be off at the next restart of Windows.

    Mike
     
  12. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293

    Working great! :D

    Plan on reformatting,so I can start out really clean :cool:
     
  13. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Memory caching or disk caching? And how many mb on the latter?
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's the only way to do it right : complete re-installation from scratch and then Returnil to keep it clean.
    If you have an Image Backup take images at the right moment and keep them as clean images for restoration only and/or to upgrade your clean images.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    That is what I did. Added Threatfire in for good keeping but nothing like a new virgin image.;)
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil will keep it clean as recovery software, while ThreatFire will stop malware as security software.
    If ThreatFire would make a mistake and the malware installs itself, Returnil will remove that mistake as recovery software.
    That's the way I see it.
     
  17. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    Spoke too soon! (should have done more investigating).

    Coldmoon: Thanks for the important and time saving tip --cortez
     
Loading...
Thread Status:
Not open for further replies.